[{"data":1,"prerenderedAt":1516},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy\u002Fnetwork-security":3,"help-article-\u002Fsecurity-privacy\u002Fnetwork-security":4,"related-articles-\u002Fsecurity-privacy\u002Fnetwork-security":526},[],{"id":5,"title":6,"body":7,"category":508,"description":509,"draft":510,"extension":511,"meta":512,"navigation":513,"order":514,"path":515,"relatedArticles":516,"seo":520,"slug":521,"stem":522,"updatedAt":523,"__hash__":524,"excerpt":509,"searchText":525},"help\u002Fhelp\u002Fsecurity-privacy\u002F06.network-security.md","Network security",{"type":8,"value":9,"toc":495},"minimark",[10,14,21,26,163,167,182,196,199,202,206,212,220,223,232,236,243,249,252,256,262,269,275,278,288,291,294,297,301,308,311,420,423,449,453,462,469,481,485],[11,12,13],"p",{},"Every connection MultiClaw makes is encrypted and authenticated. Your machine opens no inbound ports, and each credential stays within its intended trust zone.",[11,15,16],{},[17,18],"img",{"alt":19,"src":20},"MultiClaw security architecture — the four components and how they connect across trust boundaries","\u002Fimages\u002Fmulticlaw-security-architecture.png",[22,23,25],"h2",{"id":24},"connection-summary","Connection summary",[27,28,29,51],"table",{},[30,31,32],"thead",{},[33,34,35,39,42,45,48],"tr",{},[36,37,38],"th",{},"Connection",[36,40,41],{},"Protocol",[36,43,44],{},"Authentication",[36,46,47],{},"Data carried",[36,49,50],{},"Notes",[52,53,54,87,105,125,145],"tbody",{},[33,55,56,60,71,74,77],{},[57,58,59],"td",{},"Desktop app → MultiClaw Cloud",[57,61,62,66,67,70],{},[63,64,65],"strong",{},"HTTPS"," (REST) and ",[63,68,69],{},"WSS"," (WebSocket)",[57,72,73],{},"Bearer token (persists until logout); WSS uses a separate short-lived HMAC token",[57,75,76],{},"Account, workspace, task, and agent configuration data; real-time status events",[57,78,79,82,83,86],{},[63,80,81],{},"TLS 1.2"," minimum, ",[63,84,85],{},"TLS 1.3"," preferred",[33,88,89,92,96,99,102],{},[57,90,91],{},"Local OpenClaw gateway → MultiClaw Cloud",[57,93,94,70],{},[63,95,69],{},[57,97,98],{},"Long-lived workspace auth token stored locally; per-session short-lived signed token (memory only)",[57,100,101],{},"Heartbeats, agent status, task execution updates, configuration sync",[57,103,104],{},"Separate trust zone from the desktop app; each uses its own credentials",[33,106,107,110,116,119,122],{},[57,108,109],{},"Desktop app → local OpenClaw gateway",[57,111,112,115],{},[63,113,114],{},"HTTP on localhost"," (127.0.0.1)",[57,117,118],{},"Session token generated at gateway start",[57,120,121],{},"Agent commands, conversation messages, local status queries",[57,123,124],{},"Not exposed on any network interface",[33,126,127,130,136,139,142],{},[57,128,129],{},"Cloud desktop viewer",[57,131,132,135],{},[63,133,134],{},"WebRTC DataChannel"," (DTLS\u002FSCTP)",[57,137,138],{},"ICE negotiated via MultiClaw Cloud over WSS",[57,140,141],{},"JPEG video frames and input events",[57,143,144],{},"TURN relay used when direct peer-to-peer is unavailable",[33,146,147,150,154,157,160],{},[57,148,149],{},"LLM provider API calls",[57,151,152],{},[63,153,65],{},[57,155,156],{},"API key stored encrypted in MultiClaw Cloud, pushed to your instance during config sync",[57,158,159],{},"Prompts, model responses, and tool-call payloads",[57,161,162],{},"Encrypted at rest and in transit; does not appear in agent responses, transcripts, or logs",[22,164,166],{"id":165},"desktop-app-to-multiclaw-cloud","Desktop app to MultiClaw Cloud",[11,168,169,170,172,173,175,176,178,179,181],{},"Your desktop app connects to MultiClaw Cloud over ",[63,171,65],{}," for API calls and ",[63,174,69],{}," for real-time events. Both require ",[63,177,81],{}," at minimum; ",[63,180,85],{}," is preferred when available.",[11,183,184,185,188,189,191,192,195],{},"Authentication uses a ",[63,186,187],{},"bearer token"," issued when you sign in. The desktop app stores this token in the WebView's local storage, where it persists until you sign out. The ",[63,190,69],{}," connection uses a separate ",[63,193,194],{},"short-lived HMAC token"," that expires and refreshes automatically. Even if a WebSocket token is compromised, its short lifespan limits exposure.",[11,197,198],{},"The desktop app always initiates outbound connections. MultiClaw Cloud does not initiate connections back to your machine.",[11,200,201],{},"If the HTTPS or WSS connection drops, the desktop app reconnects automatically and re-authenticates with the existing bearer token. You don't need to sign in again unless the token has been revoked (for example, after a password change or a forced sign-out by a workspace owner).",[22,203,205],{"id":204},"local-openclaw-gateway-to-multiclaw-cloud","Local OpenClaw gateway to MultiClaw Cloud",[11,207,208,209,211],{},"The local OpenClaw gateway maintains its own ",[63,210,69],{}," connection to MultiClaw Cloud. This connection operates in a separate trust zone from the desktop app — each uses its own credentials and neither shares tokens with the other.",[11,213,214,215,219],{},"The gateway authenticates with a long-lived workspace auth token stored in ",[216,217,218],"code",{},"~\u002F.openclaw\u002Fopenclaw.json",". For each WebSocket session, the gateway generates a separate short-lived signed token in memory and does not write it to disk. When the session ends, the gateway discards the token and generates a new one on reconnect.",[11,221,222],{},"If the gateway's WebSocket connection drops, the gateway reconnects and generates a fresh short-lived session token. Running tasks continue locally during brief outages — status updates sync to MultiClaw Cloud once the connection is restored.",[11,224,225,226,231],{},"See ",[227,228,230],"a",{"href":229},"\u002Fhelp\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored","How credentials and secrets are stored"," for details on how these tokens are managed.",[22,233,235],{"id":234},"desktop-app-to-local-openclaw-gateway","Desktop app to local OpenClaw gateway",[11,237,238,239,242],{},"The desktop app communicates with the local OpenClaw gateway over ",[63,240,241],{},"HTTP on 127.0.0.1"," (localhost). This connection stays on your machine and is not exposed on any network interface — only local software can reach it.",[11,244,184,245,248],{},[63,246,247],{},"session token"," generated when the gateway starts. The gateway verifies the token on every request using HMAC-SHA256 and does not transmit it outside your machine.",[11,250,251],{},"Because this connection stays on localhost, it does not use TLS. The traffic never leaves your machine's loopback interface, so network-level interception is not possible under normal operating conditions.",[22,253,255],{"id":254},"cloud-desktop-viewer-webrtc","Cloud desktop viewer (WebRTC)",[11,257,258,259,261],{},"When you view a cloud desktop, the video stream travels over a ",[63,260,134],{}," using DTLS\u002FSCTP encryption. The cloud desktop sends JPEG frames directly to your desktop app, and the two endpoints negotiate a direct connection when possible.",[11,263,264,265,268],{},"If a direct connection is not possible (for example, due to a restrictive firewall), MultiClaw provides a ",[63,266,267],{},"TURN relay"," to carry the stream. The relay forwards encrypted data without decrypting it.",[11,270,271,272,274],{},"Connection negotiation (ICE candidates) runs through MultiClaw Cloud over the same ",[63,273,69],{}," channel used for real-time communication. ICE candidate exchange is authenticated through the existing WSS session, so unauthenticated parties cannot inject candidates.",[22,276,149],{"id":277},"llm-provider-api-calls",[11,279,280,281,284,285,287],{},"The local OpenClaw gateway calls your LLM provider (for example, ",[216,282,283],{},"api.openai.com",") directly over ",[63,286,65],{},".",[11,289,290],{},"MultiClaw Cloud stores your API key in encrypted form and delivers it to your instance during configuration sync. AES-256-GCM encryption, keyed to the instance token, protects the key in transit. On the instance, the gateway decrypts the key and uses it to call your LLM provider directly.",[11,292,293],{},"The API key does not appear in agent responses, transcripts, or logs returned to MultiClaw Cloud.",[11,295,296],{},"If you rotate your API key or change providers, update the key in your workspace settings. The new key takes effect on the next configuration sync.",[22,298,300],{"id":299},"outbound-connections-and-ports","Outbound connections and ports",[11,302,303,304,307],{},"MultiClaw makes only outbound connections from your machine. The desktop app does not open any inbound TCP or UDP ports. The local OpenClaw gateway listens only on ",[63,305,306],{},"localhost (127.0.0.1)",", so other devices on your network cannot reach it.",[11,309,310],{},"The table below lists every external host and port MultiClaw connects to. Share this with your IT team if you need firewall or proxy allowlisting.",[27,312,313,328],{},[30,314,315],{},[33,316,317,320,323,326],{},[36,318,319],{},"Service",[36,321,322],{},"Host",[36,324,325],{},"Port",[36,327,41],{},[52,329,330,348,364,385,401],{},[33,331,332,335,340,345],{},[57,333,334],{},"MultiClaw Cloud (API + WebSocket)",[57,336,337],{},[216,338,339],{},"*.multiclaw.io",[57,341,342],{},[216,343,344],{},"443",[57,346,347],{},"HTTPS, WSS",[33,349,350,353,358,362],{},[57,351,352],{},"Cloud desktop relay (signaling)",[57,354,355],{},[216,356,357],{},"turn.multiclaw.io",[57,359,360],{},[216,361,344],{},[57,363,65],{},[33,365,366,369,373,382],{},[57,367,368],{},"Cloud desktop relay (media)",[57,370,371],{},[216,372,357],{},[57,374,375,378,379],{},[216,376,377],{},"3478",", ",[216,380,381],{},"5349",[57,383,384],{},"UDP",[33,386,387,390,395,399],{},[57,388,389],{},"Auto-updater",[57,391,392],{},[216,393,394],{},"cdn.multiclaw.io",[57,396,397],{},[216,398,344],{},[57,400,65],{},[33,402,403,406,414,418],{},[57,404,405],{},"LLM providers (varies by config)",[57,407,408,409,378,411],{},"e.g. ",[216,410,283],{},[216,412,413],{},"api.anthropic.com",[57,415,416],{},[216,417,344],{},[57,419,65],{},[11,421,422],{},"You only need to allowlist the LLM provider hosts for the models you've configured.",[424,425,427],"callout",{"type":426},"tip",[11,428,429,430,433,434,436,437,440,441,443,444,448],{},"If your network blocks outbound UDP, set ",[63,431,432],{},"WebRTC connection mode"," to ",[63,435,267],{}," in ",[63,438,439],{},"Settings → Gateway → Browser Automation",". This routes cloud desktop traffic over TCP port ",[216,442,344],{}," instead. See ",[227,445,447],{"href":446},"\u002Fhelp\u002Ftroubleshooting\u002Fconnections-blocked-by-a-firewall-or-proxy","Connections blocked by a firewall or proxy"," for full troubleshooting steps.",[22,450,452],{"id":451},"tls-and-certificate-verification","TLS and certificate verification",[11,454,455,456,458,459,461],{},"All external connections use ",[63,457,81],{}," at minimum, with ",[63,460,85],{}," preferred when both endpoints support it. The localhost connection between the desktop app and the local OpenClaw gateway is the only unencrypted path, and that traffic never leaves your machine.",[11,463,464,465,468],{},"TLS certificate verification uses your ",[63,466,467],{},"operating system's trust store",". MultiClaw does not currently pin certificates — it trusts the same certificate authorities your OS trusts.",[424,470,472],{"type":471},"warning",[11,473,474,475,477,478,480],{},"If your network uses deep packet inspection (DPI) that intercepts and re-signs TLS traffic, WebSocket and WebRTC connections may fail even when the domain is allowlisted. Ask your IT team to exclude ",[216,476,339],{}," and ",[216,479,357],{}," from DPI inspection.",[22,482,484],{"id":483},"proxy-support","Proxy support",[11,486,487,488,477,491,494],{},"MultiClaw respects the system ",[216,489,490],{},"HTTP_PROXY",[216,492,493],{},"HTTPS_PROXY"," environment variables. Set these in your shell profile or system environment settings before launching the app. No additional proxy configuration is needed inside MultiClaw.",{"title":496,"searchDepth":497,"depth":497,"links":498},"",2,[499,500,501,502,503,504,505,506,507],{"id":24,"depth":497,"text":25},{"id":165,"depth":497,"text":166},{"id":204,"depth":497,"text":205},{"id":234,"depth":497,"text":235},{"id":254,"depth":497,"text":255},{"id":277,"depth":497,"text":149},{"id":299,"depth":497,"text":300},{"id":451,"depth":497,"text":452},{"id":483,"depth":497,"text":484},"security-privacy","How MultiClaw secures every network connection using TLS, authenticated tokens, and no inbound ports.",false,"md",{},true,6,"\u002Fsecurity-privacy\u002Fnetwork-security",[517,518,519],"security-privacy\u002Fsecurity-overview","security-privacy\u002Fdata-encryption","security-privacy\u002Fhow-credentials-and-secrets-are-stored",{"title":6,"description":509},"network-security","help\u002Fsecurity-privacy\u002F06.network-security","2026-03-31","yeEOmYYO8SAKtVIU9P-lN5DuDXT7TsATmI06m_VuXt8","Network security How MultiClaw secures every network connection using TLS, authenticated tokens, and no inbound ports.",[527,801,1211],{"id":528,"title":529,"body":530,"category":508,"description":787,"draft":510,"extension":511,"meta":788,"navigation":513,"order":789,"path":790,"relatedArticles":791,"seo":795,"slug":796,"stem":797,"updatedAt":798,"__hash__":799,"excerpt":787,"searchText":800},"help\u002Fhelp\u002Fsecurity-privacy\u002F01.security-overview.md","Security overview",{"type":8,"value":531,"toc":772},[532,542,545,549,552,568,571,575,581,585,588,594,598,601,607,611,632,639,643,646,653,657,663,668,672,679,686,690,693,700,704,707,713,717,724,731,735,738,744,748,751,758,762,765],[11,533,534,535,538,539,287],{},"MultiClaw protects your data through multiple independent security layers: local credential storage, TLS connections, app sandboxing, and zero telemetry. Each layer works on its own, reducing the risk that a single vulnerability leads to broader exposure. The architecture follows ",[63,536,537],{},"defense-in-depth"," principles aligned with ",[63,540,541],{},"ISO\u002FIEC 27001:2022",[11,543,544],{},"This article gives you a high-level view of how MultiClaw handles security and privacy. Each section links to a dedicated article with full details.",[22,546,548],{"id":547},"separate-trust-zones","Separate trust zones",[11,550,551],{},"The desktop app, the local OpenClaw gateway, and MultiClaw Cloud operate as three distinct trust zones, each with its own authentication:",[553,554,555,562],"ul",{},[556,557,558,561],"li",{},[63,559,560],{},"Desktop app",": connects to MultiClaw Cloud over HTTPS and WSS for API calls, real-time updates, agent configuration, and session data.",[556,563,564,567],{},[63,565,566],{},"Local OpenClaw gateway",": connects to MultiClaw Cloud separately over an authenticated WebSocket secured with short-lived signed tokens. These tokens rotate automatically, so a captured token expires before it can be reused.",[11,569,570],{},"Each connection enforces its own credentials. No zone shares authentication tokens with another.",[11,572,573],{},[17,574],{"alt":19,"src":20},[11,576,225,577,580],{},[227,578,6],{"href":579},"\u002Fhelp\u002Fsecurity-privacy\u002Fnetwork-security"," for details on how each connection is secured.",[22,582,584],{"id":583},"authentication-and-login-security","Authentication and login security",[11,586,587],{},"All authentication is handled by MultiClaw Cloud. You can sign in with email and password or through Multiplai single sign-on (SSO). Sessions use short-lived tokens that rotate automatically, and repeated failed login attempts trigger temporary account lockouts.",[11,589,225,590,593],{},[227,591,584],{"href":592},"\u002Fhelp\u002Fsecurity-privacy\u002Fauthentication-and-login-security"," for details on session handling, token rotation, and lockout policies.",[22,595,597],{"id":596},"roles-and-access-control","Roles and access control",[11,599,600],{},"MultiClaw uses role-based access control (RBAC) in workspaces. Each person is assigned exactly one role — Owner or Member — which determines what they can view, create, and manage. Permissions follow a least-privilege model: users only have access to what their role requires.",[11,602,225,603,606],{},[227,604,597],{"href":605},"\u002Fhelp\u002Fsecurity-privacy\u002Froles-and-access-control"," for the full permission matrix.",[22,608,610],{"id":609},"encryption-at-rest-and-in-transit","Encryption at rest and in transit",[11,612,613,616,617,619,620,623,624,627,628,631],{},[63,614,615],{},"Config values"," are stored in your local config file (",[216,618,218],{},") as plain JSON. The file is not encrypted at rest; it is protected by your operating system's file permissions. Credentials and API keys stored in ",[63,621,622],{},"MultiClaw Cloud"," receive an additional application-layer encryption with ",[63,625,626],{},"AES-256"," on top of AWS disk encryption. All connections to external MultiClaw services use ",[63,629,630],{},"TLS 1.2 or higher",", covering both HTTPS and WebSocket (WSS) traffic. Communication between the desktop app and the local OpenClaw gateway uses an unencrypted connection on localhost only — this traffic never leaves your machine.",[11,633,225,634,638],{},[227,635,637],{"href":636},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption"," for the full encryption model.",[22,640,642],{"id":641},"local-first-data-storage","Local-first data storage",[11,644,645],{},"Your agents, conversations, and credentials are stored on your machine by default. When you're not connected to a workspace, everything stays local. When you connect to a workspace, conversation transcripts sync to MultiClaw Cloud automatically.",[11,647,225,648,652],{},[227,649,651],{"href":650},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-residency-and-storage","Data residency and storage"," for details on where your data lives.",[22,654,656],{"id":655},"credential-and-secret-storage","Credential and secret storage",[11,658,659,660,662],{},"Credentials and other sensitive values are stored in your local config file (",[216,661,218],{},") as plain JSON, protected by operating system file permissions. The desktop app does not send stored credentials to MultiClaw Cloud. Each credential is scoped to the context that needs it.",[11,664,225,665,667],{},[227,666,230],{"href":229}," for details on how credentials are stored, scoped, and managed.",[22,669,671],{"id":670},"sandboxed-desktop-app","Sandboxed desktop app",[11,673,674,675,678],{},"The desktop app is built on ",[63,676,677],{},"Tauri v2",", which enforces a capability-based permission model. The interface layer cannot access your filesystem or start processes on its own. Every sensitive operation goes through an explicitly declared Tauri command, limiting the potential damage from any interface-level vulnerability.",[11,680,225,681,685],{},[227,682,684],{"href":683},"\u002Fhelp\u002Fsecurity-privacy\u002Fdesktop-app-security","Desktop app security"," for details on the sandboxing model and capability declarations.",[22,687,689],{"id":688},"browser-extension-isolation","Browser extension isolation",[11,691,692],{},"The MultiClaw Chrome Extension content script is loaded on all pages, but it only captures and transmits interaction data when a recording session is active. Event listeners are registered when the extension loads; they check whether recording is active before capturing anything, and no data is collected or sent between sessions.",[11,694,225,695,699],{},[227,696,698],{"href":697},"\u002Fhelp\u002Fsecurity-privacy\u002Fbrowser-extension-security","Browser extension security"," for full details on what the extension accesses and when.",[22,701,703],{"id":702},"privacy-and-data-handling","Privacy and data handling",[11,705,706],{},"MultiClaw Desktop does not collect usage analytics or telemetry. If the app crashes, the crash log stays on your machine. Conversation content stays on your machine unless you choose to sync it to a workspace. MultiClaw Cloud stores only the account, workspace, and session data needed to operate the service.",[11,708,225,709,712],{},[227,710,703],{"href":711},"\u002Fhelp\u002Fsecurity-privacy\u002Fprivacy-and-data-handling"," for what data MultiClaw collects, how long it's retained, and your rights.",[22,714,716],{"id":715},"signed-updates-and-supply-chain-security","Signed updates and supply chain security",[11,718,719,720,723],{},"App updates are signed with ",[63,721,722],{},"minisign",". Before installing an update, the updater verifies the signature against the published public key and rejects any update with an invalid or missing signature. Third-party dependencies are pinned to exact versions, scanned for vulnerabilities, and reviewed before they ship.",[11,725,225,726,730],{},[227,727,729],{"href":728},"\u002Fhelp\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security","Dependency and supply chain security"," for the full scanning and review process.",[22,732,734],{"id":733},"allowed-external-connections","Allowed external connections",[11,736,737],{},"MultiClaw makes a fixed, documented set of outbound connections from your machine. Each connection has a specific purpose — API calls, real-time updates, AI execution, or update checks. No undocumented connections are made.",[11,739,225,740,743],{},[227,741,734],{"href":742},"\u002Fhelp\u002Fsecurity-privacy\u002Fallowed-external-connections"," for the full list of endpoints, protocols, and when each connection occurs.",[22,745,747],{"id":746},"incident-reporting","Incident reporting",[11,749,750],{},"If you discover a security vulnerability, you can report it directly to the MultiClaw security team. Reports are acknowledged within 24 hours and follow a structured triage and resolution process.",[11,752,225,753,757],{},[227,754,756],{"href":755},"\u002Fhelp\u002Fsecurity-privacy\u002Fincident-reporting-and-response","Incident reporting and response"," for how to submit a report and what to expect.",[22,759,761],{"id":760},"shared-responsibility","Shared responsibility",[11,763,764],{},"Security in MultiClaw is a shared effort. MultiClaw secures the infrastructure, encrypts data in transit, and hardens the app. You're responsible for protecting your credentials, managing workspace access, and configuring agents appropriately.",[11,766,225,767,771],{},[227,768,770],{"href":769},"\u002Fhelp\u002Fsecurity-privacy\u002Fshared-responsibility-model","Shared responsibility model"," for a clear breakdown of what each party owns.",{"title":496,"searchDepth":497,"depth":497,"links":773},[774,775,776,777,778,779,780,781,782,783,784,785,786],{"id":547,"depth":497,"text":548},{"id":583,"depth":497,"text":584},{"id":596,"depth":497,"text":597},{"id":609,"depth":497,"text":610},{"id":641,"depth":497,"text":642},{"id":655,"depth":497,"text":656},{"id":670,"depth":497,"text":671},{"id":688,"depth":497,"text":689},{"id":702,"depth":497,"text":703},{"id":715,"depth":497,"text":716},{"id":733,"depth":497,"text":734},{"id":746,"depth":497,"text":747},{"id":760,"depth":497,"text":761},"MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{},1,"\u002Fsecurity-privacy\u002Fsecurity-overview",[518,792,793,519,794],"security-privacy\u002Fnetwork-security","security-privacy\u002Fbrowser-extension-security","security-privacy\u002Fprivacy-and-data-handling",{"title":529,"description":787},"security-overview","help\u002Fsecurity-privacy\u002F01.security-overview","2026-03-30","3x0_VX5XDDMQT5kwODVWQnpjsjlxJfe0Lbg5V4Kim9I","Security overview MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{"id":802,"title":637,"body":803,"category":508,"description":1200,"draft":510,"extension":511,"meta":1201,"navigation":513,"order":1202,"path":1203,"relatedArticles":1204,"seo":1206,"slug":1207,"stem":1208,"updatedAt":523,"__hash__":1209,"excerpt":1200,"searchText":1210},"help\u002Fhelp\u002Fsecurity-privacy\u002F04.data-encryption.md",{"type":8,"value":804,"toc":1185},[805,808,812,817,866,871,913,917,922,932,935,941,944,954,957,961,964,1027,1031,1034,1037,1040,1044,1047,1078,1080,1083,1151,1155,1168,1174,1180],[11,806,807],{},"MultiClaw encrypts credentials and API keys stored in MultiClaw Cloud and secures all external traffic in transit with TLS. Your local OpenClaw config file, conversation history, and agent definitions are stored as plain text on your device, protected only by OS file permissions.",[22,809,811],{"id":810},"protection-overview","Protection overview",[11,813,814],{},[63,815,816],{},"On your device:",[27,818,819,829],{},[30,820,821],{},[33,822,823,826],{},[36,824,825],{},"Data",[36,827,828],{},"Protection at rest",[52,830,831,841,849,859],{},[33,832,833,838],{},[57,834,835,836],{},"API keys and credentials in ",[216,837,218],{},[57,839,840],{},"Not encrypted (plain JSON, OS file permissions)",[33,842,843,846],{},[57,844,845],{},"Desktop app authentication bearer token",[57,847,848],{},"Not encrypted (WebView local storage)",[33,850,851,857],{},[57,852,853,854],{},"Conversations in ",[216,855,856],{},"~\u002F.openclaw\u002Fconversations\u002F",[57,858,840],{},[33,860,861,864],{},[57,862,863],{},"Agent definitions, skill files, workflow recordings",[57,865,840],{},[11,867,868],{},[63,869,870],{},"In MultiClaw Cloud (when connected to a workspace):",[27,872,873,881],{},[30,874,875],{},[33,876,877,879],{},[36,878,825],{},[36,880,828],{},[52,882,883,891,899,906],{},[33,884,885,888],{},[57,886,887],{},"LLM API keys and instance credentials",[57,889,890],{},"AWS disk encryption + application-layer AES-256",[33,892,893,896],{},[57,894,895],{},"Synced conversations",[57,897,898],{},"AWS disk encryption",[33,900,901,904],{},[57,902,903],{},"Synced agent definitions and skill files",[57,905,898],{},[33,907,908,911],{},[57,909,910],{},"Workspace and account metadata",[57,912,898],{},[22,914,916],{"id":915},"encryption-at-rest","Encryption at rest",[918,919,921],"h3",{"id":920},"local-device","Local device",[11,923,924,925,927,928,931],{},"Your local OpenClaw config file (",[216,926,218],{},") is stored as ",[63,929,930],{},"plain JSON"," on disk. It is not encrypted. Access is limited by OS file permissions. Only your user account can read the file.",[11,933,934],{},"The OpenClaw runtime stores all configuration as plain JSON files. MultiClaw reads and writes these files but does not apply its own encryption layer.",[11,936,937,938,940],{},"The desktop app's authentication bearer token is stored in the WebView's local storage. The bearer token is separate from the gateway workspace auth token, which is stored in ",[216,939,218],{}," alongside the API keys. Neither token is encrypted at rest on the local device.",[918,942,622],{"id":943},"multiclaw-cloud",[11,945,946,947,950,951,953],{},"Workspace data stored in MultiClaw Cloud is hosted on ",[63,948,949],{},"AWS",", which encrypts storage volumes at rest using AWS-managed encryption keys. Sensitive values — such as LLM API keys and instance credentials — receive an additional layer of protection: they are encrypted at the application layer using ",[63,952,626],{}," before being stored. When MultiClaw Cloud syncs your configuration to a cloud desktop instance, it also encrypts API keys and credentials with AES-256-GCM in the sync payload, using a key derived from your instance token.",[11,955,956],{},"Application-layer encryption keys for credentials are managed by MultiClaw's infrastructure. Workspace members do not hold or control these keys.",[22,958,960],{"id":959},"encryption-in-transit","Encryption in transit",[11,962,963],{},"All traffic between MultiClaw components and external services travels over encrypted connections. The only exception is the link between the desktop app and the local OpenClaw gateway, which uses an unencrypted connection on localhost. This traffic never leaves your machine.",[27,965,966,974],{},[30,967,968],{},[33,969,970,972],{},[36,971,38],{},[36,973,41],{},[52,975,976,986,996,1007,1017],{},[33,977,978,981],{},[57,979,980],{},"Desktop app ↔ MultiClaw Cloud (HTTP)",[57,982,983,985],{},[63,984,65],{},": TLS 1.2 minimum, TLS 1.3 preferred",[33,987,988,991],{},[57,989,990],{},"Gateway ↔ MultiClaw Cloud (WebSocket)",[57,992,993,995],{},[63,994,69],{}," (WebSocket Secure): TLS-encrypted",[33,997,998,1001],{},[57,999,1000],{},"Desktop app ↔ local OpenClaw gateway",[57,1002,1003,1006],{},[63,1004,1005],{},"WS\u002FHTTP on localhost",": unencrypted, never leaves your machine",[33,1008,1009,1012],{},[57,1010,1011],{},"Local gateway → LLM provider API",[57,1013,1014,1016],{},[63,1015,65],{},": TLS-encrypted",[33,1018,1019,1021],{},[57,1020,255],{},[57,1022,1023,1026],{},[63,1024,1025],{},"DTLS-SRTP",": standard encryption for peer-to-peer media",[22,1028,1030],{"id":1029},"what-is-not-encrypted-locally","What is not encrypted locally",[11,1032,1033],{},"The local files listed in the protection overview use OS file permissions as their only protection. That's sufficient against remote access, but it doesn't protect against physical access to your device.",[11,1035,1036],{},"If your device is lost, stolen, or accessed by someone with your OS credentials, these files are readable. Full-disk encryption closes this gap.",[11,1038,1039],{},"When you connect to a workspace, conversations, agent definitions, and skill files sync to MultiClaw Cloud, where they receive AWS disk encryption.",[918,1041,1043],{"id":1042},"enable-full-disk-encryption","Enable full-disk encryption",[11,1045,1046],{},"Full-disk encryption protects all files on your device, including the plain-text data listed above, from unauthorized physical access.",[553,1048,1049,1059,1072],{},[556,1050,1051,1054,1055,1058],{},[63,1052,1053],{},"macOS",": Open ",[63,1056,1057],{},"System Settings → Privacy & Security → FileVault"," and turn FileVault on.",[556,1060,1061,1054,1064,1067,1068,1071],{},[63,1062,1063],{},"Windows",[63,1065,1066],{},"Settings → Privacy & security → Device encryption",", or search for ",[63,1069,1070],{},"BitLocker"," on Pro and Enterprise editions.",[556,1073,1074,1077],{},[63,1075,1076],{},"Linux",": Most distributions offer LUKS encryption during installation. If your disk is not already encrypted, back up your data and reinstall with the encryption option enabled.",[22,1079,761],{"id":760},[11,1081,1082],{},"MultiClaw encrypts your credentials and API keys in the cloud. Protecting your local device is your responsibility.",[27,1084,1085,1098],{},[30,1086,1087],{},[33,1088,1089,1092,1095],{},[36,1090,1091],{},"Area",[36,1093,1094],{},"Who handles it",[36,1096,1097],{},"Protection",[52,1099,1100,1111,1121,1131,1142],{},[33,1101,1102,1105,1108],{},[57,1103,1104],{},"API keys and credentials in MultiClaw Cloud",[57,1106,1107],{},"MultiClaw",[57,1109,1110],{},"AES-256 application encryption + AWS disk encryption",[33,1112,1113,1116,1118],{},[57,1114,1115],{},"Cloud storage volumes",[57,1117,949],{},[57,1119,1120],{},"AWS-managed disk encryption",[33,1122,1123,1126,1128],{},[57,1124,1125],{},"Traffic between MultiClaw and external services",[57,1127,1107],{},[57,1129,1130],{},"TLS 1.2+ for HTTP, WSS for WebSocket",[33,1132,1133,1136,1139],{},[57,1134,1135],{},"Local config, agent files, and conversations",[57,1137,1138],{},"You",[57,1140,1141],{},"OS file permissions + full-disk encryption",[33,1143,1144,1147,1149],{},[57,1145,1146],{},"Authentication tokens on your device",[57,1148,1138],{},[57,1150,1141],{},[918,1152,1154],{"id":1153},"what-you-can-verify","What you can verify",[11,1156,1157,1160,1161,1164,1165,287],{},[63,1158,1159],{},"Full-disk encryption",": Check your OS settings using the instructions above. On macOS, look for \"FileVault: On\" in ",[63,1162,1163],{},"System Settings → Privacy & Security",". On Windows, look for \"Device encryption is on\" in ",[63,1166,1167],{},"Settings → Privacy & security",[11,1169,1170,1173],{},[63,1171,1172],{},"Transit encryption",": All connections from the desktop app and Gateway to MultiClaw Cloud use HTTPS and WSS. You can confirm this with browser developer tools or a network monitoring tool — all external traffic will show TLS certificates issued to MultiClaw domains.",[11,1175,1176,1179],{},[63,1177,1178],{},"Cloud encryption at rest",": Application-layer encryption of cloud-stored credentials is handled transparently by MultiClaw's infrastructure. You cannot inspect it directly — this is a trust boundary inherent to any cloud-hosted service.",[424,1181,1182],{"type":426},[11,1183,1184],{},"MultiClaw Cloud encrypts credentials and API keys stored in its database. Local files on your device — including config, conversations, and agent data — are not encrypted by MultiClaw. Full-disk encryption is the most effective way to protect them.",{"title":496,"searchDepth":497,"depth":497,"links":1186},[1187,1188,1193,1194,1197],{"id":810,"depth":497,"text":811},{"id":915,"depth":497,"text":916,"children":1189},[1190,1192],{"id":920,"depth":1191,"text":921},3,{"id":943,"depth":1191,"text":622},{"id":959,"depth":497,"text":960},{"id":1029,"depth":497,"text":1030,"children":1195},[1196],{"id":1042,"depth":1191,"text":1043},{"id":760,"depth":497,"text":761,"children":1198},[1199],{"id":1153,"depth":1191,"text":1154},"MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.",{},4,"\u002Fsecurity-privacy\u002Fdata-encryption",[517,792,519,1205],"security-privacy\u002Fdata-residency-and-storage",{"title":637,"description":1200},"data-encryption","help\u002Fsecurity-privacy\u002F04.data-encryption","PS01Cx_PLkHKehAf_-QLVhM6_dJhqwlHYiJ4B5fUh18","Data encryption MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.",{"id":1212,"title":230,"body":1213,"category":508,"description":1505,"draft":510,"extension":511,"meta":1506,"navigation":513,"order":1507,"path":1508,"relatedArticles":1509,"seo":1511,"slug":1512,"stem":1513,"updatedAt":523,"__hash__":1514,"excerpt":1505,"searchText":1515},"help\u002Fhelp\u002Fsecurity-privacy\u002F09.how-credentials-and-secrets-are-stored.md",{"type":8,"value":1214,"toc":1496},[1215,1218,1312,1315,1318,1324,1327,1330,1334,1344,1353,1356,1363,1383,1386,1392,1399,1402,1405,1416,1420,1423,1438,1441,1446,1450,1453,1467,1471,1474,1488],[11,1216,1217],{},"MultiClaw stores your LLM API keys encrypted in MultiClaw Cloud, auth tokens in local config files protected by OS file permissions, and session tokens in memory only. The table below shows where each secret lives, how it's protected, and how to clear it.",[27,1219,1220,1236],{},[30,1221,1222],{},[33,1223,1224,1227,1230,1233],{},[36,1225,1226],{},"Secret",[36,1228,1229],{},"Where it lives",[36,1231,1232],{},"Encrypted at rest",[36,1234,1235],{},"Cleared by",[52,1237,1238,1252,1270,1285,1298],{},[33,1239,1240,1243,1246,1249],{},[57,1241,1242],{},"LLM API keys",[57,1244,1245],{},"MultiClaw Cloud database",[57,1247,1248],{},"Yes — AES-256 application-level encryption",[57,1250,1251],{},"Removing the key from your agent's settings",[33,1253,1254,1257,1264,1267],{},[57,1255,1256],{},"LLM API keys (cloud desktop sync)",[57,1258,1259,1260,1263],{},"Cloud desktop instance config (prefixed ",[216,1261,1262],{},"enc:",")",[57,1265,1266],{},"Yes — AES-256-GCM per-instance key",[57,1268,1269],{},"Instance reset or re-sync from MultiClaw Cloud",[33,1271,1272,1275,1279,1282],{},[57,1273,1274],{},"Gateway workspace auth token",[57,1276,1277],{},[216,1278,218],{},[57,1280,1281],{},"No — OS file permissions only",[57,1283,1284],{},"Removing the user from the workspace",[33,1286,1287,1290,1293,1295],{},[57,1288,1289],{},"Desktop app bearer token",[57,1291,1292],{},"Desktop app WebView local storage",[57,1294,1281],{},[57,1296,1297],{},"Signing out of the desktop app",[33,1299,1300,1303,1306,1309],{},[57,1301,1302],{},"WebSocket session tokens",[57,1304,1305],{},"Memory only — not written to disk",[57,1307,1308],{},"N\u002FA",[57,1310,1311],{},"Connection close or token expiry",[22,1313,1242],{"id":1314},"llm-api-keys",[11,1316,1317],{},"MultiClaw Cloud stores your LLM provider API keys in its database, encrypted at rest with application-level encryption.",[11,1319,1320,1321,1323],{},"When MultiClaw syncs your configuration to a cloud desktop, it re-encrypts each API key with AES-256-GCM using a per-instance key derived through HKDF-SHA256. MultiClaw writes the encrypted value (prefixed ",[216,1322,1262],{},") to the instance's local config. At runtime, the gateway decrypts the key in memory to call your LLM provider.",[11,1325,1326],{},"The desktop app and gateway are designed not to log configuration values. Under normal operation, keys do not appear in diagnostic logs.",[11,1328,1329],{},"To add, update, or remove an API key, open your agent's settings in MultiClaw Cloud. Changes sync to connected cloud desktops on the next configuration push. Removing a key from MultiClaw Cloud deletes the encrypted copy from every synced instance.",[22,1331,1333],{"id":1332},"workspace-auth-token","Workspace auth token",[11,1335,1336,1337,1339,1340,1343],{},"When you sign in, MultiClaw Cloud issues a long-lived auth token stored in ",[216,1338,218],{}," as a plain JSON string. The gateway uses this token to authenticate WebSocket connections to MultiClaw Cloud. The token is not encrypted at rest. OS file permissions on ",[216,1341,1342],{},"~\u002F.openclaw\u002F"," control read access.",[424,1345,1347],{"type":1346},"note",[11,1348,1349,1350,1352],{},"OS file permissions mean that only your operating system user account is intended to read the contents of ",[216,1351,1342],{},". If you share an OS-level user account with other people, they may be able to read the token. Treat your OS user account as the trust boundary for this file.",[11,1354,1355],{},"The token is scoped to your user account and is not designed to permit access to another user's data.",[11,1357,1358,1359,1362],{},"To revoke access after a device is lost, a workspace owner can remove the user on the ",[63,1360,1361],{},"Users"," page in MultiClaw Cloud. MultiClaw does not currently offer per-device session revocation.",[424,1364,1365],{"type":426},[11,1366,1367,1368,1370,1371,1374,1375,1378,1379,1382],{},"On macOS and Linux, verify your ",[216,1369,1342],{}," directory permissions by running ",[216,1372,1373],{},"ls -ld ~\u002F.openclaw\u002F",". The output should show ",[216,1376,1377],{},"drwx------"," (owner-only access). On Windows, right-click the folder, open ",[63,1380,1381],{},"Properties → Security",", and confirm only your user account has read access.",[22,1384,1289],{"id":1385},"desktop-app-bearer-token",[11,1387,1388,1389,1391],{},"The desktop app uses a separate bearer token for its HTTP and real-time API calls to MultiClaw Cloud. It stores this token in its WebView local storage, not in ",[216,1390,218],{},", and does not encrypt it at rest.",[11,1393,1394,1395,1398],{},"This bearer token is distinct from the gateway workspace auth token. The gateway reads ",[216,1396,1397],{},"openclaw.json"," for its WebSocket connection, while the desktop app holds its own bearer token. Signing out of the desktop app clears the bearer token from local storage.",[22,1400,1302],{"id":1401},"websocket-session-tokens",[11,1403,1404],{},"Each WebSocket connection uses a short-lived HMAC-SHA256-signed token generated fresh for every session. These tokens exist in memory only while the connection is active and are not written to disk.",[11,1406,1407,1408,1411,1412,1415],{},"Token lifetime depends on the connection type: user session tokens expire after ",[63,1409,1410],{},"4 hours",", and daemon (cloud desktop) connection tokens expire after ",[63,1413,1414],{},"24 hours",". When a token expires, the system generates a new one automatically on reconnect.",[22,1417,1419],{"id":1418},"if-a-device-is-lost-or-compromised","If a device is lost or compromised",[11,1421,1422],{},"If you lose a device or suspect unauthorized access, take these steps in order:",[1424,1425,1426,1432,1435],"ol",{},[556,1427,1428,1429,1431],{},"Ask a workspace owner to remove your user account on the ",[63,1430,1361],{}," page in MultiClaw Cloud. This revokes the gateway workspace auth token stored on the device.",[556,1433,1434],{},"Sign in to MultiClaw Cloud from a trusted device and rotate any LLM API keys your agents use. Open your agent's settings, remove the current key, and add a new one.",[556,1436,1437],{},"If you use the same password elsewhere, change it. MultiClaw Cloud stores only a bcrypt hash of your password, but credential reuse remains a risk outside MultiClaw.",[11,1439,1440],{},"The desktop app bearer token is cleared when you sign out, but you cannot remotely sign out a lost device. Removing the user from the workspace is the primary revocation mechanism.",[424,1442,1443],{"type":471},[11,1444,1445],{},"MultiClaw does not currently offer per-device session revocation. Removing a user from the workspace revokes all of that user's tokens across every device.",[22,1447,1449],{"id":1448},"what-multiclaw-does-not-store","What MultiClaw does not store",[11,1451,1452],{},"MultiClaw does not retain the following values in their original form:",[553,1454,1455,1461],{},[556,1456,1457,1460],{},[63,1458,1459],{},"Plaintext passwords",": MultiClaw Cloud stores only a bcrypt hash of your password. Neither MultiClaw Cloud nor the desktop app is designed to retain the original password.",[556,1462,1463,1466],{},[63,1464,1465],{},"Browser cookies and session tokens",": MultiClaw is not designed to store cookies or session tokens from pages recorded during a workflow.",[22,1468,1470],{"id":1469},"your-responsibilities","Your responsibilities",[11,1472,1473],{},"MultiClaw encrypts API keys at rest, scopes tokens to your user account, and keeps session tokens short-lived. The protections above assume:",[553,1475,1476,1479,1482,1485],{},[556,1477,1478],{},"Your OS user account is not shared with other people.",[556,1480,1481],{},"Your device has full-disk encryption enabled (FileVault on macOS, BitLocker on Windows, LUKS on Linux).",[556,1483,1484],{},"You sign out of the desktop app before lending or decommissioning a device.",[556,1486,1487],{},"You keep your device locked when unattended.",[11,1489,1490,1491,1493,1494,287],{},"Without these measures, unencrypted tokens in ",[216,1492,1397],{}," and local storage are accessible to anyone with physical access to the device. For a full breakdown of where platform protections end and yours begin, see ",[227,1495,770],{"href":769},{"title":496,"searchDepth":497,"depth":497,"links":1497},[1498,1499,1500,1501,1502,1503,1504],{"id":1314,"depth":497,"text":1242},{"id":1332,"depth":497,"text":1333},{"id":1385,"depth":497,"text":1289},{"id":1401,"depth":497,"text":1302},{"id":1418,"depth":497,"text":1419},{"id":1448,"depth":497,"text":1449},{"id":1469,"depth":497,"text":1470},"API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.",{},9,"\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored",[518,517,1510,1205],"security-privacy\u002Fauthentication-and-login-security",{"title":230,"description":1505},"how-credentials-and-secrets-are-stored","help\u002Fsecurity-privacy\u002F09.how-credentials-and-secrets-are-stored","zk_b1Ew5T-ezUvHLnuGENrO82-pDLoeQaYbEfcU6ESI","How credentials and secrets are stored API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.",1778463887888]